Magic Voice answers your phone, takes messages, and books appointments. We try to do that without becoming a new risk for your shop or your customers. Here’s how.
Authentication
Short-lived JWT access tokens with refresh-token rotation. Two-factor authentication via authenticator app (TOTP). Trusted Devices for a 30-day remember-me on machines you own. Logout invalidates the refresh token immediately. Refresh tokens live in httpOnly cookies, and cookie-authenticated mutations are CSRF-protected.
Customer payment data
All deposits, invoices, and customer payments flow through OrbisX, your existing CRM. Magic Voice charges only your subscription, via Stripe. We never store your customers’ payment methods, ever.
Recording and consent
Recording disclosure mode is configurable per shop. Two-party-consent state handling is built in. If a caller asks Emma to stop recording, she will. Recording status is visible to your team in the call log.
Data retention
Call transcripts are kept for 18 months. SMS messages and voicemails for 12 months. In-app notifications for 6 months. Tenant deletion is a soft-delete with audit trail, and we can restore on request within the retention window.
SMS compliance
Brand and campaign registration through The Campaign Registry, managed in-app. Carrier-mandated STOP, START, and HELP keywords are honored automatically. Use-case validation runs before any outbound message leaves your number.
Infrastructure
Per-tenant circuit breaker prevents one shop’s issue from cascading to others. Global rate limiting and request size limits protect against abuse. Soft deletes preserve audit trail. Sentry-tracked error reporting on every backend pathway.
We won’t put logos on this page that we haven’t earned. The following are not claims we make today. We’ll list them here when they’re real.
We take security reports seriously. Email support@getmagicvoice.com with the details and we’ll get back the same business day.